Closed warrenjmcdonald closed 4 years ago
Interesting. This is processing the result of a query to https://api.hackertarget.com/dnslookup. See example: https://api.hackertarget.com/dnslookup/?q=google.com
Trying to reproduce your error, the only response I've been able to generate which would trigger this error is in the case when the API does not actually return any results, e.g.: https://api.hackertarget.com/dnslookup/?q=invalidinput
in which case the run of ASM wouldn't make much sense anyway.
Huh, actually this is odd. Looks like that API yields the invalid input error for https://api.hackertarget.com/dnslookup/?q=something.com . I would guess that this is a bug in hackertarget where they're incorrectly treating something.com
as equivalent to example.com
. Do you see this behavior with any other domains?
Thanks for looking at this. The case where this fails was where I pointed at a subdomain, that has no MX or TXT records for mail handling. It works fine for whole domain as those records are present.
I am really just suggesting that since this scenario is not uncommon, it would be better to catch this condition and fail this inside hosthunter.py gracefully rather than exit out of the whole test with failure, requiring to start again with different target params.
Nice find! Yeah, that seems sensible to me too.
Hi, I've got the same error with a domain not a subdomain File "/home/user/AttackSurfaceMapper/modules/hosthunter.py", line 96, in dnslookup if (word[4] == "TXT") and ("v=spf1" in word[5]): IndexError: list index out of range
I am having the same error as @serval21 and I have tried this on multiple hosts now. The domains are legitimate and the results are the expected format from the hackertarget.com service.
The SPF Record matches the results of the google.com query https://api.hackertarget.com/dnslookup/?q=google.com
@superhedgy I think this is solved by simply change the position of the index in the for loop in the hosthunter.py script. It seems to work for me after I made this adjustment.
Orginal
if (word[4] == "TXT") and ("v=spf1" in word[5]):
Adjusted
if (word[0] == "TXT") and ("v=spf1" in word[1]):
True, they have changed their format. Thanks again Conor, I am pushing an update tonight.
I am getting this error which looks like a pattern in the email dns entries is unexpected. Given the chance of this happening, it seems like this should be caught and allowed to proceed.
launched with args: --stealth -v -t something.com -o /home/user/ASM-something -f CSV -sc
Traceback (most recent call last): File "ASM.py", line 890, in
main(keychain,sw1,output_path,c1)
File "ASM.py", line 672, in main
hosthunter.dnslookup(target_list[key]) # Passive
File "/home/user/AttackSurfaceMapper/modules/hosthunter.py", line 96, in dnslookup
if (word[4] == "TXT") and ("v=spf1" in word[5]):
IndexError: list index out of range